Access Control in a Distributed Object Environment Using XML and Roles

We discuss the design of an integrated security architecture for authorization and authentication in a distributed object environment. Our architecture will have four main components: an authentication engine, an interface, a session manager and an authorization engine. The core component of our model is the session manager, which issues XML-based session certificates to authenticated users. A session certificate will be used by the authorization engine to establish the legitimacy of an access request by a user. We will also describe how the architecture supports dynamic revocation of session certificates and delegation